Hello. I am running Nginx with PHP-FPM. PHP-FPM has its own configuration external to Nginx, including a global `php.conf` and `www.conf`. I am aware that the PHP-FPM configuration can be overridden / modified at a per-directory level under the Nginx root with a `php.ini` file. A recent server compromise involved these extra `php.ini` files to change the configuration against my preferences.by petecooper - Nginx Mailing List - English
Hello. I'm trying (and failing) to write a `location` block to deny access to all files with extension `.abc` in the directory `/def/` and any (wildcard) subdirectory of `/def/`. I would be very grateful for some guidance and further reading. For clarity, this `location` block is the first in the `server`, so there are no conflicts from a previous block. I have the `/def/` block scaffold, anby petecooper - Nginx Mailing List - English
Correction -- and sincere apologies for the error / spamming: ==8<== Configure succeeded with: --with-cc-opt="-march=native -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -ffat-lto-objects -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -Wno-deprecated-declarations -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2&quoby petecooper - Nginx Mailing List - English
Following up, issue resolved with a (related?) flag: `--with-cc-opt`. I removed the `-m64` directive, and configure succeeded on arm64 / aarch64 CPU. Configure failed with: --with-cc-opt="-m64 -march=native -mtune=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -ffat-lto-objects -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthroby petecooper - Nginx Mailing List - English
Hello. I'm trying to compile Nginx 1.25 from source on Debian 11 (arm64 / aarch64). When I use the `--with-file-aio` flag, the `configure` task fails with: ==8<== checking for OS + Linux 5.10.0-23-arm64 aarch64 checking for C compiler ... found + using GNU C compiler + gcc version: 10.2.1 20210110 (Debian 10.2.1-6) checking for gcc -pipe switch ... found checking for -Wl,-E swiby petecooper - Nginx Mailing List - English
Hello. Firstly, thank you to the Nginx team for HTTP/3 & QUIC support in Nginx 1.25.0, and congratulations for this milestone! I am experimenting with deployment, having compiled from source with LibreSSL and successfully enabled 1 site. I have encountered an issue where >1 sites are running on the same instance of Nginx on the same server. I am using this as my basis for configurationby petecooper - Nginx Mailing List - English
Hello. I am adapting my stable Nginx compile script to road test the QUIC preview. Per the readme, I am using `quictls`, specifically v3.0.3. I have not yet tried BoringSSL. My `configure` command completes successfully, but my `make` command fails. I have included output below, and there is a (safe for work) GitHub gist for the `make` output to retain formatting. I would be very grateful fby petecooper - Nginx Mailing List - English
petecooper Wrote: ------------------------------------------------------- > Hello. > I have a single-digit fleet of Ubuntu servers, all running a similar > configuration: > > * Ubuntu 20.04LTS, current kernel via `apt` > * Nginx 1.23.1 from source, with 3rd party modules > * PHP 8.0 or 8.1 from source > > One of the servers has recently had issues withby petecooper - Nginx Mailing List - English
petecooper Wrote: ------------------------------------------------------- > Hello. > I have a single-digit fleet of Ubuntu servers, all running a similar > configuration: > > * Ubuntu 20.04LTS, current kernel via `apt` > * Nginx 1.23.1 from source, with 3rd party modules > * PHP 8.0 or 8.1 from source > > One of the servers has recently had issues withby petecooper - Nginx Mailing List - English
Sergey A. Osokin Wrote: ------------------------------------------------------- Hello Sergey. Thank you for your reply. > On Sat, Aug 13, 2022 at 04:01:19AM -0400, petecooper wrote: > > Hello. > > I have a single-digit fleet of Ubuntu servers, all running a similar > > configuration: > > > > * Ubuntu 20.04LTS, current kernel via `apt` > >by petecooper - Nginx Mailing List - English
Hello. I have a single-digit fleet of Ubuntu servers, all running a similar configuration: * Ubuntu 20.04LTS, current kernel via `apt` * Nginx 1.23.1 from source, with 3rd party modules * PHP 8.0 or 8.1 from source One of the servers has recently had issues with what appears to be an Nginx segfault, which manifests as high CPU load, repeated `apport` processes spawning, and errors wby petecooper - Nginx Mailing List - English
I run a fleet of small- to medium-scale web apps on PHP, and I'm comfortable compiling Nginx + PHP to to optimise for my needs. Until now, I've used PHP-FPM exclusively. I have read about performance improvements with Nginx Unit as far as PHP is concerned. This interests me, and I have time available to learn. My question - for anyone who's gone from PHP-FPM to Unit…was it worth it? What adviby petecooper - Nginx Mailing List - English
Please ignore this thread, I found the answer: https://trac.nginx.org/nginx/ticket/1529#comment:1 Thank you.by petecooper - Nginx Mailing List - English
I am following up with fresh eyes.The 3x ciphers that cause problems are: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 I have just noticed each cipher name above has an underscore `_` character as a separator. The working ciphers all use a dash `-` as a separator. Might that be a factor in Nginx rejecting the cipher names?by petecooper - Nginx Mailing List - English
Hello. I am running Nginx 1.21.6 with OpenSSL 3.0.1 and the Mozilla [1] 'Modern' ciphers 4.0 without issue. When I change the ciphers to Mozilla 'modern' 5.5, Nginx fails a config test with: nginx: SSL_CTX_set_cipher_list("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") failed (SSL: error:0A0000B9:SSL routines::no cipher match). The line in nginx.coby petecooper - Nginx Mailing List - English
Hello. I am not currently able to compile Nginx with zlib-ng. Support for zlib-ng was added in April 2021: http://mailman.nginx.org/pipermail/nginx-devel/2021-April/013945.html https://hg.nginx.org/nginx/rev/1f3d0d9f893f I am using the current release of zlib-ng: https://github.com/zlib-ng/zlib-ng/releases/tag/2.0.6 I am using an `apt`-patched Ubuntu 20.04 LTS amd64 server. I aby petecooper - Nginx Mailing List - English
I am attempting to compile Nginx 1.21.3 with libdeflate[1] with a view to comparing performance against classic Zlib and the Cloudflare fork of Zlib[2]. I can successfully compile Nginx with classic Zlib. I can also successfully compile Nginx with Cloudflare Zlib. I cannot yet compile Nginx with libdeflate. I am falling down during Nginx `make` with this error: --8<-- cc -c -pipe -Oby petecooper - Nginx Mailing List - English
Hello. Per the documentation: > $ssl_cipher > returns the name of the cipher used for an established SSL connection. This means `$ssl_cipher` returns e.g `TLS_CHACHA20_POLY1305_SHA256`. Is it possible to return the corresponding hex value e.g. `0x1303` instead? Thank you, and best wishes.by petecooper - Nginx Mailing List - English
Hello Maxim. > nginx does not care if the upstream socket is reacheable or not > when it parses configuration, it is only important when processing > a particular request. That is, nginx can (and will) start just > fine if the socket doesn't exist (or, similarly, upstream server's > IP address isn't reachable). And that's what "nginx -t" > checks for: ifby petecooper - Nginx Mailing List - English
Hello. I have some servers running PHP applications on Nginx via PHP-FPM. Each server uses a named socket in the filesystem. Nginx can often pass its configuration test but the server does not function as expected if the named socket file is not there (i.e. PHP-FPM is not running as expected). Is it possible to integrate a check for the existence of that socket file in the `nginx -t` process?by petecooper - Nginx Mailing List - English
I compile Nginx from mainline source and update shortly after each patch/point release. As part of the compile process, I obtain the current OpenSSL source and bake that in with these compile flags: --with-openssl-opt="enable-ec_nistp_64_gcc_128 shared no-ssl2 no-ssl3 no-weak-ssl-ciphers -fstack-protector-strong" \ --with-openssl=../../openssl-source/openssl-OpenSSL_$openssl_source_vby petecooper - Nginx Mailing List - English
Moshe Katz Wrote: ------------------------------------------------------- > Your problem is that you are adding an extra question mark. > > From the docs: > > > $is_args > > “?” if a request line has arguments, or an empty string otherwise > > > Take the extra question mark out of your try_files line. It should > look > like this: >by petecooper - Nginx Mailing List - English
Hello. I run a PHP + MySQL content management system on Nginx (1.19.0 at time of writing) and an issue has arisen with the way I'm handing PHP files in some situations. The issue appears to manifest with queries when they are prepended by a path, where a `?` is prepended. If the queries exist in the root location, they work as expected. Take the two following URIs, note the second has a `by petecooper - Nginx Mailing List - English
Hi Francis. Francis Daly Wrote: ------------------------------------------------------- > I suggest that you'll be happier in the long run using a templating > language, or macro-substituting language, external to nginx; along > with > "source" conf files that are to have the substitutions applied; and > change the value there and regenerate the nginx conf parts,by petecooper - Nginx Mailing List - English
I compile Nginx mainline from source and update every release. I run a small fleet of open source project and some small business Linux servers with multiple websites per server. There are occasions when a site is taken down for maintenance (typically minutes or hours of downtime out of peak hours), or is under development for extended periods, and also when 'normal' production status is happeningby petecooper - Nginx Mailing List - English
Francis Daly Wrote: ------------------------------------------------------- > Do you know whether the file that corresponds to the url /index.php > exists? > > If it does exist, use > > try_files $uri $uri/ /index.php?$args; > > If it does not exist, use > > try_files $uri $uri/ =404; Hello Francis. Thank you for your reply. I have some servby petecooper - Nginx Mailing List - English
Hello. I've got into knots with `try_files` inside `location` when PHP is involved. Ideally, I would like the following route for `try_files` (in order): * $uri (requested URI) * $uri/ (requested URI, trailing slash) * /index.php?$args (use root `index.php` with args) * =404 (Nginx returns 404) Here is my current code: location / { index index.html index.by petecooper - Nginx Mailing List - English
Hello. I use `add_header` to build Content Security Policy and Feature Policy headers. To help with change control and maintainability I build an Nginx variable from nothing and add each Content Security Policy and Feature Policy data/source type on a different line. The Nginx variable is unique to the `server` block. For example (excerpt from `server` block for subdomain.example.com): #nesby petecooper - Nginx Mailing List - English
Francis Daly Wrote: ------------------------------------------------------- > It seems to work for me: > > "xml" should have 0s, so now. > "rss" should have 1h. > "png" should have 1M. > > $ curl -s -i http://127.0.0.1/a.xml | grep '^Content-Type\|^Expires' > Content-Type: text/xml > Expires: Tue, 04 Sep 2018 12:16:40 GMT >by petecooper - Nginx Mailing List - English
Hello. I am attempting to use `expires` on Nginx 1.15.3 to define the expiry of files on a per MIME type basis. I have used [1] as a base, and constructed the following `map` in the `http` section of a `include`-d `server` block (domain sanitised): map $sent_http_content_type $www_example_com_expires { default 1M; application/atom+xml 1h; application/javascripby petecooper - Nginx Mailing List - English